
Hackers reportedly exploit WinRAR vulnerability to distribute malicious LONEPAGE script that can record keystrokes and steal screenshots and other sensitive information

2024-05-21 Update From: SLTechnology News&Howtos


Shulou Report, December 23 (Xinhua): Cyber security company Deep Instinct released a report on Thursday saying that hackers used a WinRAR vulnerability to distribute the malicious LONEPAGE script in attacks on Ukrainian employees working at companies outside Ukraine.

According to the report, the hacker group UAC-0099 uses phishing messages with HTA, RAR and LNK file attachments to deploy LONEPAGE, a Visual Basic Script (VBS) malware that contacts a command and control (C2) server to record keystrokes, steal data and capture screenshots.

It is reported that UAC-0099 used the WinRAR vulnerability numbered CVE-2023-38831 (CVSS score: 7.8) to distribute malicious LONEPAGE scripts.

In addition to HTA attachments, UAC-0099 distributes the malware in SFX and ZIP archives. The SFX file contains an LNK shortcut disguised as a DOCX file of a court subpoena, and it uses the Microsoft WordPad icon to induce the victim to open it.

Another attack sequence uses a specially crafted ZIP archive. In the samples intercepted so far, the archive is dated August 5, 2023, three days after the WinRAR maintainer released the patch for CVE-2023-38831.
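A mail gateway or analyst can check archive attachments for the file types this report names. The following is an added example, not code from Deep Instinct or from the original article: it lists ZIP members ending in .lnk, .hta or .vbs and marks those that carry a document extension before the real one, as in the disguised court subpoena shortcut. The function names, the decoy extension list and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# File types the article names for this campaign's attachments and payload.
RISKY_EXTS = {".lnk", ".hta", ".vbs"}
# Document-style decoy extensions (the article mentions DOCX; the rest are assumed).
DECOY_EXTS = {".docx", ".doc", ".pdf", ".rtf"}


def triage_zip(data: bytes) -> list[dict]:
    """Return one finding per archive member that should be flagged."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = PurePosixPath(info.filename.replace("\\", "/")).name
            # Windows ignores trailing spaces and dots, so strip them first.
            stripped = name.rstrip(" .")
            suffixes = [s.lower() for s in PurePosixPath(stripped).suffixes]
            if not suffixes or suffixes[-1] not in RISKY_EXTS:
                continue
            findings.append({
                "member": info.filename,
                "type": suffixes[-1],
                # True when a document extension precedes the real one.
                "disguised_as_document": any(s in DECOY_EXTS for s in suffixes[:-1]),
            })
    return findings


def build_sample() -> bytes:
    """Constructed in-memory archive with inert placeholder members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("subpoena.docx.lnk", b"placeholder")
        zf.writestr("docs/readme.txt", b"placeholder")
        zf.writestr("update.hta", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
```

The check covers ZIP only; RAR and SFX attachments need an extractor that understands those formats before the same name test can be applied.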
